DD.WellWorkover.Cloud/AsbCloudWebApi/Controllers/WellSectionController.cs

using AsbCloudApp.Data;
using AsbCloudApp.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;

namespace AsbCloudWebApi.Controllers
{
    [Route("api/well/{idWell}/sections")]
    [ApiController]
    [Authorize]
    public class WellSectionController : ControllerBase
    {
        private readonly IWellSectionService sectionsService;
        private readonly IWellService wellService;

        public WellSectionController(IWellSectionService sectionsService, IWellService wellService)
        {
            this.sectionsService = sectionsService;
            this.wellService = wellService;
        }

        [HttpGet]
        public async Task<IActionResult> GetAllAsync(int idWell, int skip = 0, int take = 32, CancellationToken token = default)
        {
            if(!CanUserAccessToWell(idWell))
                return Forbid();

            var result = await sectionsService.GetAllByWellIdAsync(idWell, skip, take, token).ConfigureAwait(false);
            return Ok(result);
        }

        [HttpGet]
        [Route("{idSection}")]
        public async Task<IActionResult> GetAsync(int idSection, int idWell, CancellationToken token = default)
        {
            if (!CanUserAccessToWell(idWell))
                return Forbid();

            var result = await sectionsService.GetAsync(idSection, token).ConfigureAwait(false);
            return Ok(result);
        }

        [HttpPost]
        public async Task<IActionResult> Insert(int idWell, [FromBody] IEnumerable<WellSectionDto> values, CancellationToken token = default)
        {
            if (!CanUserAccessToWell(idWell))
                return Forbid();

            var result = await sectionsService.InsertRangeAsync(values, idWell, token).ConfigureAwait(false);
            return Ok(result);
        }

        [HttpPut("{id}")]
        public async Task<IActionResult> Put(int id, int idWell, [FromBody] WellSectionDto value, CancellationToken token = default)
        {
            if (!CanUserAccessToWell(idWell))
                return Forbid();

            var result = await sectionsService.UpdateAsync(value, id, idWell, token).ConfigureAwait(false);
            return Ok(result);
        }

        [HttpDelete("{id}")]
        public async Task<IActionResult> Delete(int id, int idWell, CancellationToken token = default)
        {
            if (!CanUserAccessToWell(idWell))
                return Forbid();

            var result = await sectionsService.DeleteAsync(new int[] { id }, token).ConfigureAwait(false);
            return Ok(result);
        }

        private bool CanUserAccessToWell(int idWell)
        {
            int? idCompany = User.GetCompanyId();            
            return idCompany is not null && wellService.IsCompanyInvolvedInWell((int)idCompany, idWell);                
        }
    }
}